Attacks by viruses, trojans and the like can disrupt the performance of information technology systems. Protection on a MikroTik network can be set up with the following configuration script:
1. Inspect network traffic and block unwanted traffic
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
2. Drop data packets that are unwanted or that come from virus-infected hosts.
# resource http://wiki.mikrotik.com/wiki/Protecting_your_customers
/ip firewall filter
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
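Rules placed in a custom chain such as virus take effect only when a built-in chain jumps to it (for example a forward rule with action=jump jump-target=virus), and the listing above enters tcp port 2745 twice. The Python check below is an added example, not part of the original post or of the MikroTik wiki page it cites: it parses a /ip firewall filter script with one rule per line and reports custom chains nothing jumps to, rules hidden behind an earlier rule, and malformed `key= value` tokens. The sample rules are constructed in the style of this page's rules, and all function names are this example's own.

```python
import re
import shlex

BUILTIN = {"input", "forward", "output"}
IGNORED = {"comment", "dst-port", "disabled"}   # not compared when looking for shadowing
PORT_SPEC = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")

# Constructed sample in the style of the rules on this page (line 1 is the menu path).
SAMPLE = """\
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add action=drop chain=tcp-viruses comment="constructed: stray space" disabled= no dst-port=1966-1967 protocol=tcp
add action=drop chain=tcp-viruses comment="constructed: wide range" disabled=no dst-port=9898-10002 protocol=tcp
add action=drop chain=tcp-viruses comment="constructed: inside range" disabled=no dst-port=9999 protocol=tcp
"""


def parse_rules(text):
    """Return one dict per `add` line found under /ip firewall filter."""
    rules, in_filter = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            in_filter = line.split() == ["/ip", "firewall", "filter"]
            continue
        if not in_filter or not line.startswith("add "):
            continue
        params, stray = {}, []
        for tok in shlex.split(line)[1:]:        # shlex keeps quoted comments together
            key, sep, value = tok.partition("=")
            if sep and value:
                params[key] = value
            else:
                stray.append(tok)                # e.g. "disabled=" and "no"
        params.setdefault("action", "accept")    # RouterOS default filter action
        rules.append({"line": lineno, "params": params, "stray": stray})
    return rules


def unreachable_chains(rules):
    """Chains that hold rules but are never reached by a jump from a built-in chain."""
    jumps = {}
    for r in rules:
        p = r["params"]
        if p["action"] == "jump" and "jump-target" in p:
            jumps.setdefault(p.get("chain"), set()).add(p["jump-target"])
    reachable, todo = set(BUILTIN), list(BUILTIN)
    while todo:
        for target in jumps.get(todo.pop(), ()):
            if target not in reachable:
                reachable.add(target)
                todo.append(target)
    used = {r["params"].get("chain") for r in rules}
    return sorted(c for c in used if c and c not in reachable)


def port_set(spec):
    """Expand '135-139,445' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def shadowed_rules(rules):
    """(earlier_line, later_line) pairs: same chain, action and matchers, ports already covered."""
    seen, out = {}, []
    for r in rules:
        p = r["params"]
        spec = p.get("dst-port", "")
        if r["stray"] or p.get("disabled") == "yes" or not PORT_SPEC.fullmatch(spec):
            continue
        key = tuple(sorted((k, v) for k, v in p.items() if k not in IGNORED))
        ports = port_set(spec)
        for line, earlier in seen.get(key, []):
            if ports <= earlier:
                out.append((line, r["line"]))
                break
        seen.setdefault(key, []).append((r["line"], ports))
    return out


def malformed_rules(rules):
    """Rules containing tokens that are not key=value, such as `disabled= no`."""
    return [(r["line"], r["stray"]) for r in rules if r["stray"]]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    print("unreachable chains:", unreachable_chains(parsed))
    print("shadowed rules:", shadowed_rules(parsed))
    print("malformed rules:", malformed_rules(parsed))
```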
# protocol tcp
# resource http://warnet60.blogspot.com/2010/04/handle-virus-trojan-port-with-mikrotik.html
add action=drop chain=tcp-viruses comment="Socks Des Troie, Death" disabled=no dst-port=1-2 protocol=tcp
add action=drop chain=tcp-viruses comment="Agent 31, Hacker's Paradise, Agent 40421" disabled=no dst-port=30-31 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=37 protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat Fore play" disabled=no dst-port=41 protocol=tcp
add action=drop chain=tcp-viruses comment="DRAT" disabled=no dst-port=48 protocol=tcp
add action=drop chain=tcp-viruses comment="DRAT" disabled=no dst-port=50 protocol=tcp
add action=drop chain=tcp-viruses comment="DM Setup" disabled=no dst-port=58-59 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Evala.Worm" disabled=no dst-port=69-70 protocol=tcp
add action=drop chain=tcp-viruses comment="CDK, Firehotcker" disabled=no dst-port=79 protocol=tcp
add action=drop chain=tcp-viruses comment="Beagle.S RemoconChubo" disabled=no dst-port=81 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=85-90 protocol=tcp
add action=drop chain=tcp-viruses comment="Common Port for phishing scam sites, Hiddenport, NCX" disabled=no dst-port=99 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans usethis port , Invisible Identd Deamon, Kazimas" disabled=no dst-port=113 protocol=tcp
add action=drop chain=tcp-viruses comment="Happy99" disabled=no dst-port=119 protocol=tcp
add action=drop chain=tcp-viruses comment="Jammer Killah, Attack Bot, God Message" disabled=no dst-port=121 protocol=tcp
add action=drop chain=tcp-viruses comment="Password Generator Protocol" disabled=no dst-port=129 protocol=tcp
add action=drop chain=tcp-viruses comment="Farnaz" disabled=no dst-port=133 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=tcp-viruses comment="NetTaxi" disabled=no dst-port=142 protocol=tcp
add action=drop chain=tcp-viruses comment="Infector 1.3" disabled=no dst-port=146 protocol=tcp
add action=drop chain=tcp-viruses comment="A.Trojan" disabled=no dst-port=170 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Rotor" disabled=no dst-port=382 protocol=tcp
add action=drop chain=tcp-viruses comment="Backage" disabled=no dst-port=334 protocol=tcp
add action=drop chain=tcp-viruses comment="Backage" disabled=no dst-port=411 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.kibuv.b, Breach, Incognito, tcp Wrappers" disabled=no dst-port=420-421 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=445 in-interface=!ether-local protocol=tcp src-address-list=!pura-local
add action=drop chain=tcp-viruses comment="Fatal Connections - Hacker's Paradise" disabled=no dst-port=455-456 protocol=tcp
add action=drop chain=tcp-viruses comment="Hacker's Paradise" disabled=no dst-port=456 protocol=tcp
add action=drop chain=tcp-viruses comment="Grlogin, RPC backDoor" disabled=no dst-port=513-514 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.kibuv.worm" disabled=no dst-port=530 protocol=tcp
add action=drop chain=tcp-viruses comment="Rasmin, Net666" disabled=no dst-port=531 protocol=tcp
add action=drop chain=tcp-viruses comment="Stealth Spy, Phaze, 7-11 Trojan, Ini-Killer, Phase Zero, Phase-0" disabled=no dst-port=555 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=559 protocol=tcp
add action=drop chain=tcp-viruses comment="Sober worm Variants" disabled=no dst-port=587 protocol=tcp
add action=drop chain=tcp-viruses comment="W.32.Sasser worm" disabled=no dst-port=593 protocol=tcp
add action=drop chain=tcp-viruses comment="Secret Service" disabled=no dst-port=605 protocol=tcp
add action=drop chain=tcp-viruses comment="Attack FTP, Back Construction, BLA Trojan, NokNok, satans" disabled=no dst-port=666 protocol=tcp
add action=drop chain=tcp-viruses comment="SnipperNet" disabled=no dst-port=667 protocol=tcp
add action=drop chain=tcp-viruses comment="Dp Trojan" disabled=no dst-port=669 protocol=tcp
add action=drop chain=tcp-viruses comment="GayOL" disabled=no dst-port=692 protocol=tcp
add action=drop chain=tcp-viruses comment="BackDoor.Netcrack.B - AimSpy" disabled=no dst-port=777-778 protocol=tcp
add action=drop chain=tcp-viruses comment="WinHole" disabled=no dst-port=808 protocol=tcp
add action=drop chain=tcp-viruses comment="Common Port for phishing scam sites" disabled=no dst-port=880 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Devil" disabled=no dst-port=901-902 protocol=tcp
add action=drop chain=tcp-viruses comment="Dark Shadow" disabled=no dst-port=911 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=999-1001 protocol=tcp
add action=drop chain=tcp-viruses comment="Doly Trojan" disabled=no dst-port=1011-1016 protocol=tcp
add action=drop chain=tcp-viruses comment="Vampire" disabled=no dst-port=1020 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.lingosky" disabled=no dst-port=1024-1025 protocol=tcp
add action=drop chain=tcp-viruses comment="NetSpy, Multidropper" disabled=no dst-port=1033-1035 protocol=tcp
add action=drop chain=tcp-viruses comment="Bla" disabled=no dst-port=1042 protocol=tcp
add action=drop chain=tcp-viruses comment="Rasmin" disabled=no dst-port=1045 protocol=tcp
add action=drop chain=tcp-viruses comment="/sbin/initd - MiniCommand" disabled=no dst-port=1049-1050 protocol=tcp
add action=drop chain=tcp-viruses comment="The Thief, AckCmd" disabled=no dst-port=1053-1054 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Zagaban, WinHole" disabled=no dst-port=1080-1083 protocol=tcp
add action=drop chain=tcp-viruses comment="Xtreme" disabled=no dst-port=1090 protocol=tcp
add action=drop chain=tcp-viruses comment="RAT, Blood Fest Evoltion" disabled=no dst-port=1095-1099 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=1111 protocol=tcp
add action=drop chain=tcp-viruses comment="Orion" disabled=no dst-port=1150-1151 protocol=tcp
add action=drop chain=tcp-viruses comment="Psyber Stream Server" disabled=no dst-port=1170 protocol=tcp
add action=drop chain=tcp-viruses comment="SoftWAR,Infector" disabled=no dst-port=1207-1208 protocol=tcp
add action=drop chain=tcp-viruses comment="Kaos" disabled=no dst-port=1212 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Sazo" disabled=no dst-port=1218 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=1234 protocol=tcp
add action=drop chain=tcp-viruses comment="Sub Seven" disabled=no dst-port=1243 protocol=tcp
add action=drop chain=tcp-viruses comment="VooDoo Doll" disabled=no dst-port=1245 protocol=tcp
add action=drop chain=tcp-viruses comment="Scarab, Project next" disabled=no dst-port=1255-1256 protocol=tcp
add action=drop chain=tcp-viruses comment="Maverick's Matrix" disabled=no dst-port=1269 protocol=tcp
add action=drop chain=tcp-viruses comment="The Matrix" disabled=no dst-port=1272 protocol=tcp
add action=drop chain=tcp-viruses comment="NETrojan" disabled=no dst-port=1313 protocol=tcp
add action=drop chain=tcp-viruses comment="Millenium Worm" disabled=no dst-port=1338 protocol=tcp
add action=drop chain=tcp-viruses comment="Bo dll" disabled=no dst-port=1349 protocol=tcp
add action=drop chain=tcp-viruses comment="GoFriller, Backdoor G-1" disabled=no dst-port=1394 protocol=tcp
add action=drop chain=tcp-viruses comment="w32.spybot.ofn" disabled=no dst-port=1433 protocol=tcp
add action=drop chain=tcp-viruses comment="remote Storm" disabled=no dst-port=1441 protocol=tcp
add action=drop chain=tcp-viruses comment="FTP99CMP" disabled=no dst-port=1492 protocol=tcp
add action=drop chain=tcp-viruses comment="FunkProxy " disabled=no dst-port=1505 protocol=tcp
add action=drop chain=tcp-viruses comment="Psyber Streaming server" disabled=no dst-port=1509 protocol=tcp
add action=drop chain=tcp-viruses comment="Trinoo" disabled=no dst-port=1524 protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Hack" disabled=no dst-port=1568 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Miffice, Bize.Worm" disabled=no dst-port=1533-1534 protocol=tcp
add action=drop chain=tcp-viruses comment="Shivka-Burka, Direct Connection" disabled=no dst-port=1600 protocol=tcp
add action=drop chain=tcp-viruses comment="ICA Browser" disabled=no dst-port=1604 protocol=tcp
add action=drop chain=tcp-viruses comment="Exploiter" disabled=no dst-port=1703 protocol=tcp
add action=drop chain=tcp-viruses comment="Scarab" disabled=no dst-port=1777 protocol=tcp
add action=drop chain=tcp-viruses comment="Loxbot.d" disabled=no dst-port=1751 protocol=tcp
add action=drop chain=tcp-viruses comment="Loxbot.d" disabled=no dst-port=1772 protocol=tcp
add action=drop chain=tcp-viruses comment="SpySender" disabled=no dst-port=1807 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=1863 protocol=tcp
add action=drop chain=tcp-viruses comment="Fake FTP. WM FTP Server" disabled=no dst-port=1966-1967 protocol=tcp
add action=drop chain=tcp-viruses comment="Shockrave, Bowl" disabled=no dst-port=1981 protocol=tcp
add action=drop chain=tcp-viruses comment="OpC BO" disabled=no dst-port=1969 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=1999-2005 protocol=tcp
add action=drop chain=tcp-viruses comment="Ripper" disabled=no dst-port=2023 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.korgo.a" disabled=no dst-port=2041 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.TJServ - WinHole" disabled=no dst-port=2080 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Expjan" disabled=no dst-port=2090 protocol=tcp
add action=drop chain=tcp-viruses comment="Bugs" disabled=no dst-port=2115 protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat" disabled=no dst-port=2140 protocol=tcp
add action=drop chain=tcp-viruses comment="Illusion Mailer" disabled=no dst-port=2155 protocol=tcp
add action=drop chain=tcp-viruses comment="Nirvana" disabled=no dst-port=2255 protocol=tcp
add action=drop chain=tcp-viruses comment="Hvl RAT, Dumaru" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=tcp-viruses comment="Xplorer" disabled=no dst-port=2300 protocol=tcp
add action=drop chain=tcp-viruses comment="Studio 54" disabled=no dst-port=2311 protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.shellbot" disabled=no dst-port=2322 protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.shellbot, Eyeveg.worm.c, contact" disabled=no dst-port=2330-2339 protocol=tcp
add action=drop chain=tcp-viruses comment="vbs.shania" disabled=no dst-port=2414 protocol=tcp
add action=drop chain=tcp-viruses comment="Beagle.N" disabled=no dst-port=2556 protocol=tcp
add action=drop chain=tcp-viruses comment="Striker" disabled=no dst-port=2565 protocol=tcp
add action=drop chain=tcp-viruses comment="WinCrash" disabled=no dst-port=2583 protocol=tcp
add action=drop chain=tcp-viruses comment="The Prayer 1.2 -1.3" disabled=no dst-port=2716 protocol=tcp
add action=drop chain=tcp-viruses comment="Phase Zero" disabled=no dst-port=2721 protocol=tcp
add action=drop chain=tcp-viruses comment="Beagle.J" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.hllw.deadhat.b" disabled=no dst-port=2766 protocol=tcp
add action=drop chain=tcp-viruses comment="SubSeven" disabled=no dst-port=2773-2774 protocol=tcp
add action=drop chain=tcp-viruses comment="Phineas Phucker" disabled=no dst-port=2801 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Brador.A" disabled=no dst-port=2989 protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Shut" disabled=no dst-port=3000 protocol=tcp
add action=drop chain=tcp-viruses comment="WinCrash" disabled=no dst-port=3024 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Wortbot" disabled=no dst-port=3028 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Mytob.cz@mm, MicroSpy" disabled=no dst-port=3030-3031 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.korgo.a" disabled=no dst-port=3067 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=3127-3198 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.HLLW.Dax" disabled=no dst-port=3256 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Nemog.D" disabled=no dst-port=3306 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=3332 protocol=tcp
add action=drop chain=tcp-viruses comment="w32.Mytob.kp@MM" disabled=no dst-port=3385 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.mockbot.a.worm" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Fearic, Terror Trojan" disabled=no dst-port=3456 protocol=tcp
add action=drop chain=tcp-viruses comment="Eclipse 2000" disabled=no dst-port=3459 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Amitis.B" disabled=no dst-port=3547 protocol=tcp
add action=drop chain=tcp-viruses comment="Portal of Doom" disabled=no dst-port=3700 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.helios" disabled=no dst-port=3737 protocol=tcp
add action=drop chain=tcp-viruses comment="PsychWard" disabled=no dst-port=3777 protocol=tcp
add action=drop chain=tcp-viruses comment="Eclypse" disabled=no dst-port=3791 protocol=tcp
add action=drop chain=tcp-viruses comment="Eclypse" disabled=no dst-port=3801 protocol=tcp
add action=drop chain=tcp-viruses comment="SkyDance,Backdoor.OptixPro.13.C" disabled=no dst-port=4000-4001 protocol=tcp
add action=drop chain=tcp-viruses comment="WinCrash" disabled=no dst-port=4092 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.rcserv" disabled=no dst-port=4128 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Nemog.D - Virtual Hacking Machine" disabled=no dst-port=4242 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.smokodoor" disabled=no dst-port=4300 protocol=tcp
add action=drop chain=tcp-viruses comment="BoBo" disabled=no dst-port=4321 protocol=tcp
add action=drop chain=tcp-viruses comment="Phatbot" disabled=no dst-port=4387 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=4444 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.mytob.db" disabled=no dst-port=4512 protocol=tcp
add action=drop chain=tcp-viruses comment="File Nail" disabled=no dst-port=4567 protocol=tcp
add action=drop chain=tcp-viruses comment="ICQ Trojan" disabled=no dst-port=4590 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Nemog.D" disabled=no dst-port=4646 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Nemog.D" disabled=no dst-port=4661 protocol=tcp
add action=drop chain=tcp-viruses comment="Beagle.U" disabled=no dst-port=4751 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.tuxder" disabled=no dst-port=4820 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Opanki" disabled=no dst-port=4888 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.RaHack" disabled=no dst-port=4899 protocol=tcp
add action=drop chain=tcp-viruses comment="Common Port for phishing scam sites" disabled=no dst-port=4903 protocol=tcp
add action=drop chain=tcp-viruses comment="ICQ Trogen" disabled=no dst-port=4950 protocol=tcp
add action=drop chain=tcp-viruses comment="Sokets de Trois v1./Bubbel, cd00r" disabled=no dst-port=5000-5002 protocol=tcp
add action=drop chain=tcp-viruses comment="Solo,Ootlt" disabled=no dst-port=5010-5011 protocol=tcp
add action=drop chain=tcp-viruses comment="WM Remote Keylogger" disabled=no dst-port=5025 protocol=tcp
add action=drop chain=tcp-viruses comment="Net Metropolitan 1.0" disabled=no dst-port=5031-5032 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.laphex.client" disabled=no dst-port=5152 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=5190 protocol=tcp
add action=drop chain=tcp-viruses comment="Firehotcker" disabled=no dst-port=5321 protocol=tcp
add action=drop chain=tcp-viruses comment="Baackage,NetDemon" disabled=no dst-port=5333 protocol=tcp
add action=drop chain=tcp-viruses comment="WC Remote Administration Tool" disabled=no dst-port=5343 protocol=tcp
add action=drop chain=tcp-viruses comment="Blade Runner" disabled=no dst-port=5400-5402 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.DarkSky.B, Backconstruction" disabled=no dst-port=5418-5419 protocol=tcp
add action=drop chain=tcp-viruses comment="Xtcp, Illusion Mailer" disabled=no dst-port=5512 protocol=tcp
add action=drop chain=tcp-viruses comment="The Flu" disabled=no dst-port=5534 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port " disabled=no dst-port=5550-5558 protocol=tcp
add action=drop chain=tcp-viruses comment="Robo-Hack" disabled=no dst-port=5569 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.EasyServ" disabled=no dst-port=5588 protocol=tcp
add action=drop chain=tcp-viruses comment="PC Crasher" disabled=no dst-port=5637-5638 protocol=tcp
add action=drop chain=tcp-viruses comment="WinCrash" disabled=no dst-port=5714 protocol=tcp
add action=drop chain=tcp-viruses comment="WinCrash" disabled=no dst-port=5741-5742 protocol=tcp
add action=drop chain=tcp-viruses comment="Portmap Remote Root Linux Exploit" disabled=no dst-port=5760 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Evivinc" disabled=no dst-port=5800 protocol=tcp
add action=drop chain=tcp-viruses comment="Y3K RAT" disabled=no dst-port=5880 protocol=tcp
add action=drop chain=tcp-viruses comment="Y3K RAT" disabled=no dst-port=5882 protocol=tcp
add action=drop chain=tcp-viruses comment="Y3K RAT" disabled=no dst-port=5888-5889 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Evivinc" disabled=no dst-port=5900 protocol=tcp
add action=drop chain=tcp-viruses comment="LovGate.ak" disabled=no dst-port=6000 protocol=tcp
add action=drop chain=tcp-viruses comment="Bad Blood" disabled=no dst-port=6006 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.mockbot.a.worm" disabled=no dst-port=6129 protocol=tcp
add action=drop chain=tcp-viruses comment="Common Port for phishing scam sites" disabled=no dst-port=6180 protocol=tcp
add action=drop chain=tcp-viruses comment="Trojan.Tilser" disabled=no dst-port=6187 protocol=tcp
add action=drop chain=tcp-viruses comment="Secret Service" disabled=no dst-port=6272 protocol=tcp
add action=drop chain=tcp-viruses comment="The Thing" disabled=no dst-port=6400 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Nemog.D" disabled=no dst-port=6565 protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.sdbot.ag" disabled=no dst-port=6631 protocol=tcp
add action=drop chain=tcp-viruses comment="TEMan, Weia-Meia" disabled=no dst-port=6661 protocol=tcp
add action=drop chain=tcp-viruses comment="Netbus Worm, winSATAN, Dark FTP, Schedule Agent" disabled=no dst-port=6666-6667 protocol=tcp
add action=drop chain=tcp-viruses comment="Vampyre, Deep Throat" disabled=no dst-port=6669-6671 protocol=tcp
add action=drop chain=tcp-viruses comment="Sub Seven, Backdoor.G" disabled=no dst-port=6711-6713 protocol=tcp
add action=drop chain=tcp-viruses comment="Mstream attack-handler" disabled=no dst-port=6723 protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat" disabled=no dst-port=6771 protocol=tcp
add action=drop chain=tcp-viruses comment="Sub Seven, Backdoor.G, W32/Bagle@MM" disabled=no dst-port=6776-6777 protocol=tcp
add action=drop chain=tcp-viruses comment="NetSky.U" disabled=no dst-port=6789 protocol=tcp
add action=drop chain=tcp-viruses comment="Delta source DarkStar" disabled=no dst-port=6883 protocol=tcp
add action=drop chain=tcp-viruses comment="Shxt Heap " disabled=no dst-port=6912 protocol=tcp
add action=drop chain=tcp-viruses comment="Indoctrination" disabled=no dst-port=6939 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=6969 protocol=tcp
add action=drop chain=tcp-viruses comment="Gate Crasher" disabled=no dst-port=6970 protocol=tcp
add action=drop chain=tcp-viruses comment="w32.mytob.mx@mm, Remote Grab, explo it translation server, kazimas, remote grab" disabled=no dst-port=7000-7001 protocol=tcp
add action=drop chain=tcp-viruses comment="Unknown Trojan" disabled=no dst-port=7028 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Spybot.ycl" disabled=no dst-port=7043 protocol=tcp
add action=drop chain=tcp-viruses comment="SubSeven" disabled=no dst-port=7215 protocol=tcp
add action=drop chain=tcp-viruses comment="Net Monitor" disabled=no dst-port=7300-7308 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.netshadow" disabled=no dst-port=7329 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.phoenix" disabled=no dst-port=7410 protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no dst-port=7424 protocol=tcp
add action=drop chain=tcp-viruses comment="QaZ -Remote Access Trojan" disabled=no dst-port=7597 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.GRM" disabled=no dst-port=7614 protocol=tcp
add action=drop chain=tcp-viruses comment="Glacier" disabled=no dst-port=7626 protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.nodelm" disabled=no dst-port=7740-7749 protocol=tcp
add action=drop chain=tcp-viruses comment="GodMessaage, Tini" disabled=no dst-port=7777 protocol=tcp
add action=drop chain=tcp-viruses comment="ICKiller" disabled=no dst-port=7789 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Amitis.B" disabled=no dst-port=7823 protocol=tcp
add action=drop chain=tcp-viruses comment="The ReVeNgEr" disabled=no dst-port=7891 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.kibuv.b" disabled=no dst-port=7955 protocol=tcp
add action=drop chain=tcp-viruses comment="Mstream" disabled=no dst-port=7983 protocol=tcp
add action=drop chain=tcp-viruses comment="w32.mytob.lz@mm" disabled=no dst-port=7999-8000 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Ptakks.b" disabled=no dst-port=8012 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Spybot.pen " disabled=no dst-port=8076 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=8081 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Asniffer" disabled=no dst-port=8090 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.PejayBot" disabled=no dst-port=8126 protocol=tcp
add action=drop chain=tcp-viruses comment="BackOrifice 2000" disabled=no dst-port=8787 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Monator" disabled=no dst-port=8811 protocol=tcp
add action=drop chain=tcp-viruses comment="Beagle.B@mm" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=tcp-viruses comment="BackOrifice 2000" disabled=no dst-port=8879 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Axatak" disabled=no dst-port=8888-8889 protocol=tcp
add action=drop chain=tcp-viruses comment="BackHack - Rcon, Recon, Xcon" disabled=no dst-port=8988-8989 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.randex.ccf - netministrator" disabled=no dst-port=9000 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.nibu.k" disabled=no dst-port=9125 protocol=tcp
add action=drop chain=tcp-viruses comment="InCommand" disabled=no dst-port=9400 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.kibuv.worm" disabled=no dst-port=9604 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.gholame" disabled=no dst-port=9696-9697 protocol=tcp
add action=drop chain=tcp-viruses comment="BackDoor.RC3.B, Portal of Doom" disabled=no dst-port=9872-9878 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=9898-10002 protocol=tcp
add action=drop chain=tcp-viruses comment="iNi-Killer" disabled=no dst-port=9989 protocol=tcp
add action=drop chain=tcp-viruses comment="W.32.Sasser Worm" disabled=no dst-port=9996 protocol=tcp
add action=drop chain=tcp-viruses comment="The Prayer" disabled=no dst-port=9999 protocol=tcp
add action=drop chain=tcp-viruses comment="OpwinTRojan" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=tcp-viruses comment="OpwinTRojan" disabled=no dst-port=10005 protocol=tcp
add action=drop chain=tcp-viruses comment="Cheese worm" disabled=no dst-port=10008 protocol=tcp
add action=drop chain=tcp-viruses comment="w32.mytob.jw@mm" disabled=no dst-port=10027 protocol=tcp
add action=drop chain=tcp-viruses comment="Portal of Doom" disabled=no dst-port=10067 protocol=tcp
add action=drop chain=tcp-viruses comment="Mydoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.ranky.o, backdoor.staprew, backdoor.tuimer, gift trojan, brainspy, silencer" disabled=no dst-port=10100-10103 protocol=tcp
add action=drop chain=tcp-viruses comment="Acid Shivers" disabled=no dst-port=10520 protocol=tcp
add action=drop chain=tcp-viruses comment="Coma" disabled=no dst-port=10607 protocol=tcp
add action=drop chain=tcp-viruses comment="Ambush" disabled=no dst-port=10666 protocol=tcp
add action=drop chain=tcp-viruses comment="Senna Spy" disabled=no dst-port=11000 protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no dst-port=11050-11051 protocol=tcp
add action=drop chain=tcp-viruses comment="Progenic Trojan - Secret Agent" disabled=no dst-port=11223 protocol=tcp
add action=drop chain=tcp-viruses comment="Dipnet / oddBob Trojan" disabled=no dst-port=11768 protocol=tcp
add action=drop chain=tcp-viruses comment="Latinus Server" disabled=no dst-port=11831 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Satancrew" disabled=no dst-port=12000 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Berbew.j" disabled=no dst-port=12065 protocol=tcp
add action=drop chain=tcp-viruses comment="GJamer" disabled=no dst-port=12076 protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'99, KeyLogger" disabled=no dst-port=12223 protocol=tcp
add action=drop chain=tcp-viruses comment="Netbus, Ultor's Trojan" disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp-viruses comment="Whack-a-Mole" disabled=no dst-port=12361-12363 protocol=tcp
add action=drop chain=tcp-viruses comment="NetBus" disabled=no dst-port=12456 protocol=tcp
add action=drop chain=tcp-viruses comment="Whack Job" disabled=no dst-port=12631 protocol=tcp
add action=drop chain=tcp-viruses comment="Eclypse 2000" disabled=no dst-port=12701 protocol=tcp
add action=drop chain=tcp-viruses comment="Mstream attack-handler" disabled=no dst-port=12754 protocol=tcp
add action=drop chain=tcp-viruses comment="Senna Spy" disabled=no dst-port=13000 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Amitis.B" disabled=no dst-port=13173 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Sober.D" disabled=no dst-port=13468 protocol=tcp
add action=drop chain=tcp-viruses comment="Kuang2 the Virus" disabled=no dst-port=13700 protocol=tcp
add action=drop chain=tcp-viruses comment="Trojan.Mitglieder.h" disabled=no dst-port=14247 protocol=tcp
add action=drop chain=tcp-viruses comment="Mstream attack-handler" disabled=no dst-port=15104 protocol=tcp
add action=drop chain=tcp-viruses comment="Dipnet / oddBob Trojan" disabled=no dst-port=15118 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Cyn" disabled=no dst-port=15432 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Lastdoor" disabled=no dst-port=16322 protocol=tcp
add action=drop chain=tcp-viruses comment="Mosucker" disabled=no dst-port=16484 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Haxdoor.D - Stacheldraht" disabled=no dst-port=16660-16661 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=16959 protocol=tcp
add action=drop chain=tcp-viruses comment="Kuang2.B Trojan" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Imav.a" disabled=no dst-port=17940 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Gaster" disabled=no dst-port=19937 protocol=tcp
add action=drop chain=tcp-viruses comment="Millennium - AcidkoR" disabled=no dst-port=20000-20002 protocol=tcp
add action=drop chain=tcp-viruses comment="NetBus 2 Pro" disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp-viruses comment="Chupacabra" disabled=no dst-port=20203 protocol=tcp
add action=drop chain=tcp-viruses comment="Bla Trojan" disabled=no dst-port=20331 protocol=tcp
add action=drop chain=tcp-viruses comment="Shaft Client to handlers" disabled=no dst-port=20432-20433 protocol=tcp
add action=drop chain=tcp-viruses comment="Trojan.Adnap" disabled=no dst-port=20480 protocol=tcp
add action=drop chain=tcp-viruses comment="Trojan.Mitglieder.E" disabled=no dst-port=20742 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.dasher.b" disabled=no dst-port=21211 protocol=tcp
add action=drop chain=tcp-viruses comment="Exploiter - Kid Terror - Schwndler - Winsp00fer" disabled=no dst-port=21554 protocol=tcp
add action=drop chain=tcp-viruses comment="Prosiak - Ruler - Donald Dick - RUX The TIc.K" disabled=no dst-port=22222 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Simali" disabled=no dst-port=22311 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor-ADM" disabled=no dst-port=22784 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.hllw.nettrash" disabled=no dst-port=23005-23006 protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.berbew.j" disabled=no dst-port=23232 protocol=tcp
add action=drop chain=tcp-viruses comment="Trojan.Framar" disabled=no dst-port=23435 protocol=tcp
add action=drop chain=tcp-viruses comment="Donald Dick" disabled=no dst-port=23476-23477 protocol=tcp
add action=drop chain=tcp-viruses comment="w32.mytob.km@mm" disabled=no dst-port=23523 protocol=tcp
add action=drop chain=tcp-viruses comment="Delta Source" disabled=no dst-port=26274 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.optix.04" disabled=no dst-port=27379 protocol=tcp
add action=drop chain=tcp-viruses comment="Sub-7 2.1" disabled=no dst-port=27573 protocol=tcp
add action=drop chain=tcp-viruses comment="Trin00 DoS Attack" disabled=no dst-port=27665 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Sdbot.ai" disabled=no dst-port=29147 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.NTHack" disabled=no dst-port=29292 protocol=tcp
add action=drop chain=tcp-viruses comment="Latinus Server" disabled=no dst-port=29559 protocol=tcp
add action=drop chain=tcp-viruses comment="The Unexplained" disabled=no dst-port=29891 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Antilam.20" disabled=no dst-port=29999 protocol=tcp
add action=drop chain=tcp-viruses comment="AOL Trojan" disabled=no dst-port=30029 protocol=tcp
add action=drop chain=tcp-viruses comment="NetSphere" disabled=no dst-port=30100-30103 protocol=tcp
add action=drop chain=tcp-viruses comment="NetSphere Final" disabled=no dst-port=30133 protocol=tcp
add action=drop chain=tcp-viruses comment="Sockets de Troi" disabled=no dst-port=30303 protocol=tcp
add action=drop chain=tcp-viruses comment="Kuang2" disabled=no dst-port=30999 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=31335-31339 protocol=tcp
add action=drop chain=tcp-viruses comment="BOWhack" disabled=no dst-port=31666 protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'a'Tack" disabled=no dst-port=31785-31792 protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.berbew.j" disabled=no dst-port=32121 protocol=tcp
add action=drop chain=tcp-viruses comment="Acid Battery" disabled=no dst-port=32418 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Alets.B" disabled=no dst-port=32440 protocol=tcp
add action=drop chain=tcp-viruses comment="Trinity Trojan" disabled=no dst-port=33270 protocol=tcp
add action=drop chain=tcp-viruses comment="trojan.lodeight.b" disabled=no dst-port=33322 protocol=tcp
add action=drop chain=tcp-viruses comment="Prosiak" disabled=no dst-port=33333 protocol=tcp
add action=drop chain=tcp-viruses comment="Spirit 2001 a" disabled=no dst-port=33911 protocol=tcp
add action=drop chain=tcp-viruses comment="BigGluck, TN" disabled=no dst-port=34324 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Lifefournow" disabled=no dst-port=36183 protocol=tcp
add action=drop chain=tcp-viruses comment="Yet Another Trojan" disabled=no dst-port=37651 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=39999 protocol=tcp
add action=drop chain=tcp-viruses comment="The Spy" disabled=no dst-port=40412 protocol=tcp
add action=drop chain=tcp-viruses comment="Agent 40421 - Masters Paradise" disabled=no dst-port=40421-40426 protocol=tcp
add action=drop chain=tcp-viruses comment="Master's Paradise" disabled=no dst-port=43210 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Amitis.B" disabled=no dst-port=44280 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Amitis.B" disabled=no dst-port=44390 protocol=tcp
add action=drop chain=tcp-viruses comment="Delta Source" disabled=no dst-port=47252 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Amitis.B" disabled=no dst-port=47387 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.antilam.20" disabled=no dst-port=47891 protocol=tcp
add action=drop chain=tcp-viruses comment="Sokets de Trois v2." disabled=no dst-port=50505 protocol=tcp
add action=drop chain=tcp-viruses comment="Fore" disabled=no dst-port=50776 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Cyn" disabled=no dst-port=51234 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.kalel.a@mm" disabled=no dst-port=51435 protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Windows Shutdown" disabled=no dst-port=53001 protocol=tcp
add action=drop chain=tcp-viruses comment="subSeven -Subseven 2.1 Gold" disabled=no dst-port=54283 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=54320-54321 protocol=tcp
add action=drop chain=tcp-viruses comment="WM Trojan Generator - File manager Trojan" disabled=no dst-port=55165-55166 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Osirdoor" disabled=no dst-port=56565 protocol=tcp
add action=drop chain=tcp-viruses comment="NetRaider Trojan" disabled=no dst-port=57341 protocol=tcp
add action=drop chain=tcp-viruses comment="BackDoor.Tron" disabled=no dst-port=58008-58009 protocol=tcp
add action=drop chain=tcp-viruses comment="Butt Funnel" disabled=no dst-port=58339 protocol=tcp
add action=drop chain=tcp-viruses comment="BackDoor.Redkod" disabled=no dst-port=58666 protocol=tcp
add action=drop chain=tcp-viruses comment="BackDoor.DuckToy" disabled=no dst-port=59211 protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat" disabled=no dst-port=60000 protocol=tcp
add action=drop chain=tcp-viruses comment="Trinity" disabled=no dst-port=60001 protocol=tcp
add action=drop chain=tcp-viruses comment="Connection" disabled=no dst-port=60006 protocol=tcp
add action=drop chain=tcp-viruses comment="Xzip 6000068" disabled=no dst-port=60068 protocol=tcp
add action=drop chain=tcp-viruses comment="Connection" disabled=no dst-port=60411 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.mite" disabled=no dst-port=61000 protocol=tcp
add action=drop chain=tcp-viruses comment="Bunker-Hill Trojan" disabled=no dst-port=61348 protocol=tcp
add action=drop chain=tcp-viruses comment="Telecommando" disabled=no dst-port=61466 protocol=tcp
add action=drop chain=tcp-viruses comment="Bunker-Hill Trojan" disabled=no dst-port=61603 protocol=tcp
add action=drop chain=tcp-viruses comment="Bunker-Hill Trojan" disabled=no dst-port=63485 protocol=tcp
add action=drop chain=tcp-viruses comment="Phatbot, W32.hllw.gaobot.dk" disabled=no dst-port=63808-63809 protocol=tcp
add action=drop chain=tcp-viruses comment="Taskmin" disabled=no dst-port=64101 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Amitis.B" disabled=no dst-port=64429 protocol=tcp
add action=drop chain=tcp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=65000 protocol=tcp
add action=drop chain=tcp-viruses comment="Eclypse" disabled=no dst-port=65390 protocol=tcp
add action=drop chain=tcp-viruses comment="Jade" disabled=no dst-port=65421 protocol=tcp
add action=drop chain=tcp-viruses comment="The Traitor (th3tr41t0r)" disabled=no dst-port=65432 protocol=tcp
add action=drop chain=tcp-viruses comment="Phatbot" disabled=no dst-port=65506 protocol=tcp
add action=drop chain=tcp-viruses comment="/sbin/init" disabled=no dst-port=65534 protocol=tcp
add action=drop chain=tcp-viruses comment="Adore Worm/Linux - RC1 Trojan" disabled=no dst-port=65535 protocol=tcp
add action=drop chain=tcp-viruses comment="Cafeini" disabled=no dst-port=51966 protocol=tcp
add action=drop chain=tcp-viruses comment="Acid Battery 2000" disabled=no dst-port=52317 protocol=tcp
add action=drop chain=tcp-viruses comment="Enterprise" disabled=no dst-port=50130 protocol=tcp
add action=drop chain=tcp-viruses comment="Online Keylogger" disabled=no dst-port=49301 protocol=tcp
add action=drop chain=tcp-viruses comment="Exploiter" disabled=no dst-port=44575 protocol=tcp
add action=drop chain=tcp-viruses comment="Prosiak" disabled=no dst-port=44444 protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Boot Tool - RBT" disabled=no dst-port=41666 protocol=tcp
add action=drop chain=tcp-viruses comment="Storm" disabled=no dst-port=41337 protocol=tcp
add action=drop chain=tcp-viruses comment="Mantis" disabled=no dst-port=37237 protocol=tcp
add action=drop chain=tcp-viruses comment="Donald Dick" disabled=no dst-port=34444 protocol=tcp
add action=drop chain=tcp-viruses comment="Son of PsychWard" disabled=no dst-port=33577 protocol=tcp
add action=drop chain=tcp-viruses comment="Son of PsychWard" disabled=no dst-port=33777 protocol=tcp
add action=drop chain=tcp-viruses comment="Peanut Brittle, Project Next" disabled=no dst-port=32100 protocol=tcp
add action=drop chain=tcp-viruses comment="Donald Dick" disabled=no dst-port=32001 protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'a'Tack" disabled=no dst-port=31785 protocol=tcp
add action=drop chain=tcp-viruses comment="Intruse" disabled=no dst-port=30947 protocol=tcp
add action=drop chain=tcp-viruses comment="Lamers Death" disabled=no dst-port=30003 protocol=tcp
add action=drop chain=tcp-viruses comment="Infector - ErrOr32" disabled=no dst-port=30000-30001 protocol=tcp
add action=drop chain=tcp-viruses comment="ovasOn" disabled=no dst-port=29369 protocol=tcp
add action=drop chain=tcp-viruses comment="NetTrojan" disabled=no dst-port=29104 protocol=tcp
add action=drop chain=tcp-viruses comment="Exploiter" disabled=no dst-port=28678 protocol=tcp
add action=drop chain=tcp-viruses comment="Bad Blood - Ramen - Seeker - SubSeven - SubSeven 2.1 Gold - Subseven 2.14 DefCon8 - SubSeven Muie - Ttfloader" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=tcp-viruses comment="VoiceSpy" disabled=no dst-port=26681 protocol=tcp
add action=drop chain=tcp-viruses comment="Moonpie" disabled=no dst-port=25982 protocol=tcp
add action=drop chain=tcp-viruses comment="Moonpie" disabled=no dst-port=25685-25686 protocol=tcp
add action=drop chain=tcp-viruses comment="Infector" disabled=no dst-port=24000 protocol=tcp
add action=drop chain=tcp-viruses comment="InetSpy" disabled=no dst-port=23777 protocol=tcp
add action=drop chain=tcp-viruses comment="Evil FTP - Ugly FTP - Whack Job" disabled=no dst-port=23456 protocol=tcp
add action=drop chain=tcp-viruses comment="Asylum" disabled=no dst-port=23432 protocol=tcp
add action=drop chain=tcp-viruses comment="Amanda" disabled=no dst-port=23032 protocol=tcp
add action=drop chain=tcp-viruses comment="Logged" disabled=no dst-port=23232 protocol=tcp
add action=drop chain=tcp-viruses comment="Girl friend - Kid Error" disabled=no dst-port=21544 protocol=tcp
add action=drop chain=tcp-viruses comment="VP killer" disabled=no dst-port=20023 protocol=tcp
add action=drop chain=tcp-viruses comment="Mosucker" disabled=no dst-port=20005 protocol=tcp
add action=drop chain=tcp-viruses comment="ICQ Revenge" disabled=no dst-port=19864 protocol=tcp
add action=drop chain=tcp-viruses comment="Nephron" disabled=no dst-port=17777 protocol=tcp
add action=drop chain=tcp-viruses comment="Audiodoor" disabled=no dst-port=17593 protocol=tcp
add action=drop chain=tcp-viruses comment="Infector" disabled=no dst-port=17569 protocol=tcp
add action=drop chain=tcp-viruses comment="CrazzyNet" disabled=no dst-port=17499-17500 protocol=tcp
add action=drop chain=tcp-viruses comment="KidTerror" disabled=no dst-port=17449 protocol=tcp
add action=drop chain=tcp-viruses comment="Mosaic" disabled=no dst-port=17166 protocol=tcp
add action=drop chain=tcp-viruses comment="Priority" disabled=no dst-port=16969 protocol=tcp
add action=drop chain=tcp-viruses comment="ICQ Revenge" disabled=no dst-port=16772 protocol=tcp
add action=drop chain=tcp-viruses comment="CDK" disabled=no dst-port=15858 protocol=tcp
add action=drop chain=tcp-viruses comment="SubZero" disabled=no dst-port=15382 protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no dst-port=15092 protocol=tcp
add action=drop chain=tcp-viruses comment="NetDemon" disabled=no dst-port=15000 protocol=tcp
add action=drop chain=tcp-viruses comment="PC Invader" disabled=no dst-port=14500-14503 protocol=tcp
add action=drop chain=tcp-viruses comment="Chupacabra" disabled=no dst-port=13473 protocol=tcp
add action=drop chain=tcp-viruses comment="Hack '99 KeyLogger" disabled=no dst-port=13223 protocol=tcp
add action=drop chain=tcp-viruses comment="PsychWard" disabled=no dst-port=13013-13014 protocol=tcp
add action=drop chain=tcp-viruses comment="Hacker Brasil - HBR" disabled=no dst-port=13010 protocol=tcp
add action=drop chain=tcp-viruses comment="Buttman" disabled=no dst-port=12624 protocol=tcp
add action=drop chain=tcp-viruses comment="BioNet" disabled=no dst-port=12349 protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no dst-port=10528 protocol=tcp
add action=drop chain=tcp-viruses comment="Syphilis" disabled=no dst-port=10085-10086 protocol=tcp
add action=drop chain=tcp-viruses comment="Brown Orifice - RemoConChubo - Reverse WWW Tunnel Backdoor - RingZero" disabled=no dst-port=8080 protocol=tcp
add action=drop chain=tcp-viruses comment="DigitalRootbeer" disabled=no dst-port=2600 protocol=tcp
add action=drop chain=tcp-viruses comment="Doly Trojan" disabled=no dst-port=2345 protocol=tcp
add action=return chain=tcp-viruses comment="Back to previous menu" disabled=no
# protocol udp
# resource http://warnet60.blogspot.com/2010/04/handle-virus-trojan-port-with-mikrotik.html
add action=drop chain=udp-viruses comment="Socks Des Troie, Death" disabled=no dst-port=1 protocol=udp
add action=drop chain=udp-viruses comment="Netbios - DoS attacks msinit" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=udp-viruses comment="Infector" disabled=no dst-port=146 protocol=udp
add action=drop chain=udp-viruses comment="N0kN0k Trojan" disabled=no dst-port=666 protocol=udp
add action=drop chain=udp-viruses comment="Maverick's Matrix 1.2-2.0 - remote storm" disabled=no dst-port=1025 protocol=udp
add action=drop chain=udp-viruses comment="NoBackO" disabled=no dst-port=1200-1201 protocol=udp
add action=drop chain=udp-viruses comment="BackOrifice DLL Comm" disabled=no dst-port=1349 protocol=udp
add action=drop chain=udp-viruses comment="FunkProxy" disabled=no dst-port=1505 protocol=udp
add action=drop chain=udp-viruses comment="ICA Browser" disabled=no dst-port=1604 protocol=udp
add action=drop chain=udp-viruses comment="BackDoor.Fearic" disabled=no dst-port=2000 protocol=udp
add action=drop chain=udp-viruses comment="Mini Backlash" disabled=no dst-port=2130 protocol=udp
add action=drop chain=udp-viruses comment="Deep Throat" disabled=no dst-port=2140 protocol=udp
add action=drop chain=udp-viruses comment="BackDoor.Botex" disabled=no dst-port=2222 protocol=udp
add action=drop chain=udp-viruses comment="voicespy" disabled=no dst-port=2339 protocol=udp
add action=drop chain=udp-viruses comment="Rat" disabled=no dst-port=2989 protocol=udp
add action=drop chain=udp-viruses comment="Deep Throat - Foreplay - Mini Backflash" disabled=no dst-port=3150 protocol=udp
add action=drop chain=udp-viruses comment="Backdoor.Fearic" disabled=no dst-port=3456 protocol=udp
add action=drop chain=udp-viruses comment="Eclypse" disabled=no dst-port=3801 protocol=udp
add action=drop chain=udp-viruses comment="WityWorm - BlackICE/ISS" disabled=no dst-port=4000 protocol=udp
add action=drop chain=udp-viruses comment="Remote Shell Trojan" disabled=no dst-port=5503 protocol=udp
add action=drop chain=udp-viruses comment="Y3K RAT" disabled=no dst-port=5882 protocol=udp
add action=drop chain=udp-viruses comment="Y3K RAT" disabled=no dst-port=5888 protocol=udp
add action=drop chain=udp-viruses comment="Mstream Agent-handler" disabled=no dst-port=6838 protocol=udp
add action=drop chain=udp-viruses comment="Unknown Trojan" disabled=no dst-port=7028 protocol=udp
add action=drop chain=udp-viruses comment="Host Control" disabled=no dst-port=7424 protocol=udp
add action=drop chain=udp-viruses comment="MStream handler-agent" disabled=no dst-port=7983 protocol=udp
add action=drop chain=udp-viruses comment="BackOrifice 2000" disabled=no dst-port=8787 protocol=udp
add action=drop chain=udp-viruses comment="BackOrifice 2000" disabled=no dst-port=8879 protocol=udp
add action=drop chain=udp-viruses comment="MStream Agent-handler" disabled=no dst-port=9325 protocol=udp
add action=drop chain=udp-viruses comment="Portal of Doom" disabled=no dst-port=10067 protocol=udp
add action=drop chain=udp-viruses comment="Portal of Doom" disabled=no dst-port=10167 protocol=udp
add action=drop chain=udp-viruses comment="Mstream handler-agent" disabled=no dst-port=10498 protocol=udp
add action=drop chain=udp-viruses comment="Ambush" disabled=no dst-port=10666 protocol=udp
add action=drop chain=udp-viruses comment="DUN Control" disabled=no dst-port=12623 protocol=udp
add action=drop chain=udp-viruses comment="Shaft handler to Agent" disabled=no dst-port=18753 protocol=udp
add action=drop chain=udp-viruses comment="Shaft handler to Agent" disabled=no dst-port=20433 protocol=udp
add action=drop chain=udp-viruses comment="GirlFriend" disabled=no dst-port=21554 protocol=udp
add action=drop chain=udp-viruses comment="Donald Dick" disabled=no dst-port=23476 protocol=udp
add action=drop chain=udp-viruses comment="Delta Source" disabled=no dst-port=26274 protocol=udp
add action=drop chain=udp-viruses comment="Sub-7 2.1" disabled=no dst-port=27374 protocol=udp
add action=drop chain=udp-viruses comment="Trin00/TFN2K" disabled=no dst-port=27444 protocol=udp
add action=drop chain=udp-viruses comment="Sub-7 2.1" disabled=no dst-port=27573 protocol=udp
add action=drop chain=udp-viruses comment="NetSphere" disabled=no dst-port=30103 protocol=udp
add action=drop chain=udp-viruses comment="More than 3 known worms and trojans use this port" disabled=no dst-port=31335-31338 protocol=udp
add action=drop chain=udp-viruses comment="Hack`a'Tack" disabled=no dst-port=31787-31791 protocol=udp
add action=drop chain=udp-viruses comment="Trin00 for windows" disabled=no dst-port=34555 protocol=udp
add action=drop chain=udp-viruses comment="Trin00 for windows" disabled=no dst-port=35555 protocol=udp
add action=drop chain=udp-viruses comment="Delta Source" disabled=no dst-port=47262 protocol=udp
add action=drop chain=udp-viruses comment="OnLine keyLogger" disabled=no dst-port=49301 protocol=udp
add action=drop chain=udp-viruses comment="Back Orifice" disabled=no dst-port=54320-54321 protocol=udp
add action=drop chain=udp-viruses comment="NetRaider Trojan" disabled=no dst-port=57341 protocol=udp
add action=drop chain=udp-viruses comment="The Traitor - th3tr41t0r" disabled=no dst-port=65432 protocol=udp
add action=return chain=udp-viruses comment="Back to previous menu" disabled=no
3. Exceptions to the traffic block, for example for HTTP, SMTP, TCP, ICMP, UDP
/ip firewall filter
add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP"
add chain=forward action=accept protocol=tcp dst-port=25 comment="Allow SMTP"
add chain=forward protocol=tcp comment="allow TCP"
add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
4. Prevent viruses coming from the local network or the public internet
/ip firewall filter
add action=jump chain=forward comment="PREVENT VIRUS COME FROM LOCAL NETWORK" disabled=no in-interface=ether-local jump-target=viruses
add action=jump chain=forward comment="PREVENT VIRUS COME FROM PUBLIC INTERNET NETWORK" disabled=no in-interface=ether-public jump-target=viruses
add action=jump chain=input comment="PREVENT VIRUS COME FROM LAN" disabled=no in-interface=ether-local jump-target=viruses
add action=jump chain=input comment="PREVENT VIRUS COME FROM PUBLIC INTERNET" disabled=no in-interface=ether-public jump-target=viruses
add action=jump chain=viruses comment="Jump to handle virus from TCP port" disabled=no jump-target=tcp-viruses protocol=tcp
add action=jump chain=viruses comment="Jump to handle virus from UDP port" disabled=no jump-target=udp-viruses protocol=udp
add action=return chain=viruses comment="Back to previous rules" disabled=no
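RouterOS walks each chain from top to bottom and stops at the first rule that matches, and `add` appends to the end of the chain, so where the step 4 jump rules sit relative to the step 3 accept rules decides whether the virus chains are consulted at all. The following is an added example, not part of the original post: a simplified first-match simulation over a shortened, constructed copy of the rules above; the function names and the reordering shown are assumptions.

```python
import shlex

# Constructed sample: a shortened copy of the page's rules, in the order the page adds them.
PAGE_ORDER = '''
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add action=drop chain=tcp-viruses comment="NetBus" disabled=no dst-port=12456 protocol=tcp
add action=return chain=tcp-viruses comment="Back to previous menu" disabled=no
add action=drop chain=udp-viruses comment="Sub-7 2.1" disabled=no dst-port=27374 protocol=udp
add action=return chain=udp-viruses comment="Back to previous menu" disabled=no
add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP"
add chain=forward protocol=tcp comment="allow TCP"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
add action=jump chain=forward comment="PREVENT VIRUS COME FROM LOCAL NETWORK" disabled=no in-interface=ether-local jump-target=viruses
add action=jump chain=viruses comment="Jump to handle virus from TCP port" disabled=no jump-target=tcp-viruses protocol=tcp
add action=jump chain=viruses comment="Jump to handle virus from UDP port" disabled=no jump-target=udp-viruses protocol=udp
add action=return chain=viruses comment="Back to previous rules" disabled=no
'''

MATCHERS = ("protocol", "in-interface", "connection-state")

def parse(text):
    """Turn 'add key=value ...' lines into dicts; a rule without action= accepts."""
    rules = []
    for line in text.splitlines():
        if line.startswith("add "):
            rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            rule.setdefault("action", "accept")
            if rule.get("disabled", "no") == "no":
                rules.append(rule)
    return rules

def port_matches(spec, port):
    """dst-port may be a single port, a range 'a-b', or a comma-separated list."""
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def matches(rule, pkt):
    if any(k in rule and rule[k] != pkt.get(k) for k in MATCHERS):
        return False
    return "dst-port" not in rule or port_matches(rule["dst-port"], pkt.get("dst-port", -1))

def verdict(rules, chain, pkt):
    """First-match walk of one chain; returns (action, comment), or None on return/end."""
    for rule in (r for r in rules if r["chain"] == chain):
        if not matches(rule, pkt):
            continue
        if rule["action"] == "jump":
            result = verdict(rules, rule["jump-target"], pkt)
            if result:
                return result
        elif rule["action"] == "return":
            return None
        else:
            return rule["action"], rule.get("comment", "")
    return None

def jumps_before_accepts(rules):
    """Assumed fix: keep connection-state rules first, then jumps, then the rest."""
    def rank(r):
        return 0 if "connection-state" in r else 1 if r["action"] == "jump" else 2
    return sorted(rules, key=rank)  # stable: order inside each rank is preserved

NETBUS = {"protocol": "tcp", "dst-port": 12456, "in-interface": "ether-local", "connection-state": "new"}
HTTP = {**NETBUS, "dst-port": 80}

if __name__ == "__main__":
    for label, rs in (("page order", parse(PAGE_ORDER)), ("jumps first", jumps_before_accepts(parse(PAGE_ORDER)))):
        print(label, verdict(rs, "forward", NETBUS), verdict(rs, "forward", HTTP))
```

On a live router the same check is to confirm in `/ip firewall filter print` that the jump rules appear above the protocol-wide accept rules.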
The exported script can be downloaded via the following link.
Resources:
http://wiki.mikrotik.com/wiki/Protecting_your_customers
http://warnet60.blogspot.com/2010/04/handle-virus-trojan-port-with-mikrotik.html